• @Socsa@sh.itjust.works
    28 months ago

    This has always been the case. Maybe I work in a unique field, but we spend a lot of time duplicating functionality from open source and not linking to it directly for specifically this reason, at least in some cases. It’s a good compromise between rolling your own software and doing a formal security audit. Plus you develop institutional knowledge for that area.

    And yes, we always contribute code back where we can.

    • @datelmd5sum@lemmy.world
      28 months ago

      We run our forks not because of security, but because pretty much nothing seems to work for production use without some source-code-level mods.